Bug 698220 - rpc.svcgssd: Segmentation fault on error
rpc.svcgssd: Segmentation fault on error
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils (Show other bugs)
6.1
Unspecified Unspecified
urgent Severity urgent
: rc
: 6.1
Assigned To: Steve Dickson
yanfu,wang
: Regression
Depends On: 697928 697931
Blocks:
  Show dependency treegraph
 
Reported: 2011-04-20 09:07 EDT by Steve Dickson
Modified: 2014-02-21 02:29 EST (History)
5 users (show)

See Also:
Fixed In Version: nfs-utils-1.2.3-7
Doc Type: Bug Fix
Doc Text:
Previously, an incorrect principal in the NFS client request could have caused the rpc.svcgssd daemon to terminate unexpectedly with a segmentation fault. This was caused by an error in the underlying code. This update adapts the code and rpc.svcgssd no longer crashes.
Story Points: ---
Clone Of: 697931
Environment:
Last Closed: 2011-05-19 10:19:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed Patch (939 bytes, patch)
2011-04-20 09:14 EDT, Steve Dickson
no flags Details | Diff

  None (edit)
Description Steve Dickson 2011-04-20 09:07:42 EDT
+++ This bug was initially created as a clone of Bug #697931 +++

+++ This bug was initially created as a clone of Bug #697928 +++

Description of problem:
rpc.svcgssd Segmentation faults on "Wrong principal in request"

Version-Release number of selected component (if applicable):
nfs-utils-1.2.3-5

How reproducible:
All the time.

--- Additional comment from updates@fedoraproject.org on 2011-04-20 08:44:47 EDT ---

nfs-utils-1.2.3-11.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/nfs-utils-1.2.3-11.fc15
Comment 1 Steve Dickson 2011-04-20 09:14:36 EDT
Created attachment 493488 [details]
Proposed  Patch
Comment 8 yanfu,wang 2011-04-21 06:54:16 EDT
hi Steve,
Could you tell me how did you trigger the issue?
Comment 9 Steve Dickson 2011-04-23 07:46:17 EDT
(In reply to comment #8)
> hi Steve,
> Could you tell me how did you trigger the issue?
The way I triggered this to have a F13 client, with a stale
/etc/keytab, do a mount against a f15 server. This cause
rpc.svcgssd to segfault and dump core. Once I figured 
out the problem, I quickly realized the problem was
in f14, f15, and RHEL6. So in the end I never did 
reproduce the problem on RHEL6.

Maybe one way to reproduce this is to create 
a /etc/keytab that does not have an DNS-able 
host name. They try a secure mount to a rhel6
server. If the error "Wrong principal in request"
is logged, you know you have reproduced the problem.
Comment 10 yanfu,wang 2011-04-24 04:04:54 EDT
(In reply to comment #9)
> (In reply to comment #8)
> > hi Steve,
> > Could you tell me how did you trigger the issue?
> The way I triggered this to have a F13 client, with a stale
> /etc/keytab, do a mount against a f15 server. This cause
> rpc.svcgssd to segfault and dump core. Once I figured 
> out the problem, I quickly realized the problem was
> in f14, f15, and RHEL6. So in the end I never did 
> reproduce the problem on RHEL6.
> 
> Maybe one way to reproduce this is to create 
> a /etc/keytab that does not have an DNS-able 
> host name. They try a secure mount to a rhel6
> server. If the error "Wrong principal in request"
> is logged, you know you have reproduced the problem.

hi Steve,
Sorry, I still can't reproduce the problem.
If I create a /etc/keytab that does not have an DNS-able host name, I will just got Permission denied of mount on client since No credentials created and found caused by the wrong entry in keytab (rpc.gssd[4406]: ERROR: No credentials found for connection to server...), so the client hadn't talked to rpc.svcgssd.

So how do you let /etc/keytab stale? (comment nameserver in /etc/resolv.conf or get nfs/client@REALM credential first then remove the principal in kdc? All I do just got "Permission denied" on nfs client.)

I test on the unpatch package nfs-utils-1.2.3-6.el6 on RHEL6.1:
kdc: dell-pe1855-01.rhts.eng.bos.redhat.com
nfs server: hp-xw6400-02.lab.bos.redhat.com
nfs client: dell-pesc1425-02.rhts.eng.bos.redhat.com

I will be appreciative if you could help me to check more.
Comment 11 Steve Dickson 2011-04-26 10:57:22 EDT
(In reply to comment #10)
> (In reply to comment #9)
> > (In reply to comment #8)
> > > hi Steve,
> > > Could you tell me how did you trigger the issue?
> > The way I triggered this to have a F13 client, with a stale
> > /etc/keytab, do a mount against a f15 server. This cause
> > rpc.svcgssd to segfault and dump core. Once I figured 
> > out the problem, I quickly realized the problem was
> > in f14, f15, and RHEL6. So in the end I never did 
> > reproduce the problem on RHEL6.
> > 
> > Maybe one way to reproduce this is to create 
> > a /etc/keytab that does not have an DNS-able 
> > host name. They try a secure mount to a rhel6
> > server. If the error "Wrong principal in request"
> > is logged, you know you have reproduced the problem.
> 
> hi Steve,
> Sorry, I still can't reproduce the problem.
> If I create a /etc/keytab that does not have an DNS-able host name, I will just
> got Permission denied of mount on client since No credentials created and found
> caused by the wrong entry in keytab (rpc.gssd[4406]: ERROR: No credentials
> found for connection to server...), so the client hadn't talked to rpc.svcgssd.
> 
> So how do you let /etc/keytab stale? (comment nameserver in /etc/resolv.conf or
> get nfs/client@REALM credential first then remove the principal in kdc? All I
> do just got "Permission denied" on nfs client.)
> 
> I test on the unpatch package nfs-utils-1.2.3-6.el6 on RHEL6.1:
> kdc: dell-pe1855-01.rhts.eng.bos.redhat.com
> nfs server: hp-xw6400-02.lab.bos.redhat.com
> nfs client: dell-pesc1425-02.rhts.eng.bos.redhat.com
> 
> I will be appreciative if you could help me to check more.
Hmm... I wonder if the krb5 libraries are different on F15 
than RHEL6... Like I said I was only able to reproduce the
problem with F15... 

Since the fix is so obvious, simply removing a '%s' from a printf()
statement, it spending time on trying to induce an uncommon error
worth it? Can't you simply review the patch and say yes this bug
is fixed?
Comment 12 yanfu,wang 2011-04-26 22:19:49 EDT
do code review and verify the patch apply is sane:
...
Patch003: nfs-utils-1.2.3-rpcsvcgssd-segfault.patch

# 698220 - rpc.svcgssd: Segmentation fault on error
%patch003 -p1

%changelog
* Wed Apr 20 2011 Steve Dickson <steved@redhat.com> 1.2.3-7
- Fixed segfault in rpc.svcgssd (bz 698220)

# ls -l SOURCES/nfs-utils-1.2.3-rpcsvcgssd-segfault.patch 
-rw-r--r--. 1 root root 939 Apr 20 13:17 SOURCES/nfs-utils-1.2.3-rpcsvcgssd-segfault.patch
Comment 13 Eva Kopalova 2011-05-12 11:44:52 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, an incorrect principal in the NFS client request could have caused the rpc.svcgssd daemon to terminate unexpectedly with a segmentation fault. This was caused by an error in the underlying code. This update adapts the code and rpc.svcgssd no longer crashes.
Comment 14 errata-xmlrpc 2011-05-19 10:19:06 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0738.html

Note You need to log in before you can comment on or make changes to this bug.